
woodruffw, yesterday at 9:26 PM (1 reply)

This is a great writeup, kudos to the PostHog folks.

Curious: would you be able to make your original exploitable workflow available for analysis? You note that a static analysis tool flagged it as potentially exploitable, but that the finding was suppressed under the belief that it was a false positive. I'm curious if there are additional indicators the tool could have detected that would have reduced the likelihood of premature suppression here.

(I tried to search for it, but couldn't immediately find it. I might be looking in the wrong repository, though.)


Replies

helpfulrobot, yesterday at 10:49 PM

Here's the PR that introduced the vulnerability: https://github.com/PostHog/posthog/pull/37915
